Thanks to /u/azvasKvklenko@sh.itjust.works for mentioning KDE window rules. In KDE, we can add rules for windows so that they behave in specific ways. One rule that can be added is the position: remember rule, and it’s possible to make that rule apply to all windows by removing the match field. This way, closing and reopening...
It wasn’t needed in x11 so I guess it wasn’t made default when Wayland dropped, since it’s something extra that the DE is checking. In any case, I have plenty processing power to spare for this fix so it’s fine by me.
yeah, insttead of blocking nsfw instances (since I think that that blocks users too), I blocked every nsfw community that popped up, and after the first week I’ve had no issues either.
I’m going to get technical. A registered passkey is basically your phone or whatever holding a private key and the server holding the public one. When you want to log in, you enter the username on the service, which contacts wherever you registered it, and asks for a verification. Then, the device creates a nonce, which is a random number to be used once (NumberONCE), and a copy of that number encrypted with the private key. Then, the service can unencrypt the piece and check that the value is the same as the unencrypted value. This process is called a digital signature, it’s a way for online processes to verify the sender of whatever.
This way, the server knows that whoever is trying to authenticate is doing it from the authorised device. The difference between sending a signed nonce and a password, is that is someone steals the signed nonce they get nothing, since usually that number gets registered somewhere so it’s not valid again or something, it’s not exactly as explained but the point is that whatever is sent can’t be sent again. Something like a timestamp in milliseconds where it will be obvious that the signature would have expired. If an attacker captures the authentication attempt, with passwords they get the actual password and can the use it again whenever, while with nonces, they can’t.
Iirc, the server sends the device a code and the device must send the signed code back, so the service knows that the one trying to authenticate is the device. No need for passwords.
Now, if you need to authenticate to gain access to that private key, that’s of course an attack vector, so if you want any kind of syncronisation of passkeys, you need to make sure that you don’t need to send a password to get the pkeys. I use bitwarden, and unless I misunderstood, you don’t authenticate against the bitwarden server, when you access your vault they actually give you you the encrypted data, which you then unencrypt with the password locally on the browser. I’ll have to double checknon this because I have a 2fa on that for extra measure butidk how it actually works. My plan for the future is to actually use a yubikey to authenticate against bitwarden, following the same logic explained above, to then gain access to a bigger pool of passkeys. This way, ultimately all access is protected with my physical key which I can connect to most devices I use, and I can, with NFC use the key to authenticate the android bitwarden app, so it should be completely usable.
In any case, passkeys are better than passwords, provided toy don’t store them in a less secure place. As we all know, the security level of a system is the security level of its weakest cog.
It’s like the initial authentication, where server and clientnexchange a symmetrical key with their asymmetrical keys. The difference is that in that exchange the server and the client meet for the first time whereas the point of pass keys is that once when you were already authenticated, you validated the device or whatever will hold the private key as a valid source, so then when the authentication code gets exchanged, both ends can verify that the other end is who they tell is, and both can verify the other end as valid, and thus that exchange authenticates you because you, in the past, while authenticated, trusted that device as valid.
Technically, yeah, it’s an asymmetrical key exchange. Iirc the server sends you a signed certificate and you need to unencrypt itnwithbtheir public key and sign it with your private key, so they can the getnit back and ensure that it was you who signed it, using your public key to check the validity of whatever was sent.
I don’t know enough to be 100% corrextbon the details, but the idea is that it’s an interaction between asymmetrical keys.
Soporta like how we use keysbto authenticate through github through SSL, but with an extra level of security where the server validates a key in a single endpoint, not wherever that private key would be held (like with SSL)
But… PAKE is used as a method for ongoing exchange of messages, you wouldnt avoid using a password when authenticating, which is the whole point of this debacle.
In really don’t see it that complex, in my last job IT installed a passkey in my laptop, which then Microsoft used to login and thorough its SSO, I just stopped using passwords altogether after logging into my PC itself. This is way more secure for the average Joe than having 5 postists with passwords pasted in the sides of the monitors. Yes this is way more common then you think, there’s a reason passwords need to be rotated all the freaking time.
Once rolled out, workers didn’t have to do anything to authenticate, as long as they were using the work laptop the company assumed that the used was the one using it, since the laptop was registered to the user, and it was way more comfortable.
It’s not really that hard to explain to people. Sending passwords is insecure because if an attacker gets the password, you lost. With passkeys, once you set it up, google/microsoft/pepapig.com will send a request to authenticate to your phone, where you will just say “yes” and they will talk with each other to give you access. If an attacker gets hold of that message, it doesn’t get anything of value because each time pepwpig.com and your phone talk with each other, they say different stuff and the attacker would just have yesterday’s responses, so they lose.
Old people won’t adopt it unless forced, just like they adopted special passwords by adding 1 and * to whatever stupid word they use and writing it next to their work monitor, in the office. They just won’t. Either IT automates everything for them or anything we develop will get completely bypassed.
as far as I remember I could always double click the .deb and the GUI would let me install it, pretty handy. Aaand it stopped working some time ago. I’m not using ubuntu outside of work and there’s not much system package installing in work environments so I’m out of touch now, but it was handy at the time.
you can go into the command line and write “flatpak upgrade”, but every time I open the discord app it apparently downloads something, idk if it’s self updating correctly or not.
Most comments have been positive, so I’m gonna list all my issues. Using endeavours with KDE 6.2 and the AUR explicit sync patch, 5800 ryzen CPU and 3080 NVIDIA GPU.
The discord xwayland app can’t share screen, and the waycord app that fake chromiums the web interface that let’s you share screen has the sound bug out sometimes with large sound spikes. So if I want to share the screen I have to open the second app and then close it fast to minimize the chances I annoy my friends.
Window positioning. It almost seems a flagship Wayland issue. I would love if apps remembered on which screen and position I left them the next time I open them, telegram opens in the middle of the primary monitor, and I have to drag it to the right of the secondary one every time I switch on the PC.
Shutting down in any way that is not opening the console and typing reboot or “shutdown now” takes way way longer and sometimes bugs out. This might not be a Wayland issue, but a KDE one.
The tdrop program that let’s you interact with any terminal as if it were a dropdown terminal doesn’t work in Wayland, and it just isn’t the same to open a terminal in the normal way, is lame. Foot is a good terminal for sure but I want the dropdown effect.
I can’t think of anything else right now, most explicit sync issues I had were fixed with the AUR patch, so of anyone has those issues wait until the real patch comes around and they will get fixed. It was quite annoying without the patch though, some programs glitched visually hard and several games were unplayable due to the heavy ghosting (dark souls 2 and dragon’s dogma 2, for example). I’ll add to this comment if I remember anything else. Even if the issue was recently fixed it’s good to have a list of stuff so that people can check it out and confirm that it’s fixed, for posteriority.
Yeah, 6.0.2, the version available in the arch repos.
I’ll check the video bridge, thanks! – Update on this, apparently I was already using it since it ships by default with KDE, it seems to be a discord bug. Weirdly enough, going back to an older flatpak version (0.0.42) fixed the issue. I’ll have to check the updates to see if they fix it.
Thanks on the window rules mention too. – Update on this, you are a saint. I added a rule for the telegram window in KDE so that it remembers its position, and it simply works. imgur.com/a/zrvbRPI
Yeah, idk, when I try to use the GUI it takes way longer than the CLI command somehow, and sometimes it blocks itself. It must be something related to some programming hanging itself and the system trying to wait until it stops, but I can’t be bothered, it’s way faster to open a terminal and just typing the command or opening KDE connect and pressing the “shutdown now” shortcut. Not a Wayland issue though.
I did use yakuake in the past but call it stupid brain, but once I read that alacritty was faster and I customized it to my liking, and then checking that foot was a little bit faster, I can’t go back. It’s stupid, I know that most of the use I give the terminal is actually spent on the commands themselves and that I can give transparency and remove window borders in yakuake, I’m just pissy that my fancy combo stopped working.
Maybe because those terms are confusing. Is dark souls an arpg or a jrpg? Or both? I know that jrpg is a specific genre of Japanese games, but it’s still confusing. Are final fantasy games jrpgs? Kingdom hearts? Xenoblade?
It’s just easier to say RPG and not enter in a pedantic war with the community.
I agree, honestly. I also like specifications, but I don’t like the game to be inaccurately specified. I feel that it’s better if an umbrella term is used in the title instead of a more specific fake one, and then a short description describes how the game is played or what kind of experience I should expect in several words, instead of a single term. That, alongside screenshots, let’s plays, and all sort of resources are plenty help to decide if I should buy a game or not.
RPG is used for games where you take the role of a character, and it should somewhat tell the story of either the character or the world around it. That alone differentiates some games from others like rocket league or fifa, where there’s no story, you don’t take the role of nobody that matters, what matters is the gameplay.
Hack&slash was a term used for games where you killed tons of monsters with weapons, and then Diablo started using the ARPG term to say that besides killing tons of monsters, you also get to enjoy a story in a particular ambiance. Dark Souls games also fit the description where it’s more about the action than reading, but feel like a completely different genre, right? no isometric, itemisation is vastly different, the gameplay loop is completely different… This is why just reading ARPG means nothing to me nowadays, I have to dig into the description anyway.
Another example, is “Ys origins” an ARPG or a JRPG? both? It has fast paced combat where you kill tons of mobs and a story, but it has a very japanese style, however, JRPGs are being known for having to manage a party and usually turn based combat, sooo? idk, a 3 line paragraph and 3 5 second clips would be much better than just a term for me.
Sorry for the late response btw, I just forgot lol.
It’s Tor-ti-lla. With intonation on the ti. I’m a Spaniard but even if I weren’t, intonation and pronouciation rules are fixed. Tórtilla has intonation on the Tó, and has a tilde because it’s the third syllable. Tortillá has intonation on the llá, which since it ends with an a and has the intonation is on the last syllable, in has a tilde. Tortilla has no tilde, so it must be Tor-TI-lla.
Passkeys seem like a great idea, and we are at a point where, although things are still very much in flux, software passkeys managed by password managers are starting to be usable. I thought I’d share the workflow that’s working for me on Linux with some sites, and ask the community for more tips & tricks....
I’m working on a some materials for a class wherein I’ll be teaching some young, wide-eyed Windows nerds about Linux and we’re including a section we’re calling “foot guns”. Basically it’s ways you might shoot yourself in the foot while meddling with your newfound Linux powers....
“I have 200 GB of unused space in the windows partition, I’ll just plug a live CD, divide that partition and merge it with the Linux one, ggez”
Yes, dividing the windows partition destroyed it. Yes, mixing the windows and ext destroyed Linux. I might have been able to recover something but I was like 18 and I just reinstalled windows in a fit of misdirected anger against Linux.
No shit, now I daily drive Linux and I just have two separate drives for each, with some extra drives for games and files and such. That was 10-ish years ago.
Simple fix on KDE wayland for windows to remember their last position (imgur.com)
Thanks to /u/azvasKvklenko@sh.itjust.works for mentioning KDE window rules. In KDE, we can add rules for windows so that they behave in specific ways. One rule that can be added is the position: remember rule, and it’s possible to make that rule apply to all windows by removing the match field. This way, closing and reopening...
Confused Reddit Users After Coming to Lemmy (Apparently) (lemmy.world)
Passkeys: A Shattered Dream (fy.blackhats.net.au)
I AM SO DISAPPOINTED WITH UBUNTU 24.04 😡 (news.itsfoss.com)
Are we Wayland yet or Whats missing? (lemmy.ml)
Curious from people who follow its development closely....
Why are there two different genres both called ARPG?
ARPG aka Action Role Playing Game....
rule (traditional) (lemmy.blahaj.zone)
Using passkeys on Linux & Android
Passkeys seem like a great idea, and we are at a point where, although things are still very much in flux, software passkeys managed by password managers are starting to be usable. I thought I’d share the workflow that’s working for me on Linux with some sites, and ask the community for more tips & tricks....
What're some of the dumbest things you've done to yourself in Linux?
I’m working on a some materials for a class wherein I’ll be teaching some young, wide-eyed Windows nerds about Linux and we’re including a section we’re calling “foot guns”. Basically it’s ways you might shoot yourself in the foot while meddling with your newfound Linux powers....
Let π = 5 (files.catbox.moe)
Freedom rule (lemmy.blahaj.zone)
A Dungeons & Dragons actual play show is going to sell out Madison Square Garden (techcrunch.com)